Você está aqui: Página Inicial / Blog / The LGPD for the end user: do you know your rights?

The LGPD for the end user: do you know your rights?

The Brazilian General Data Protection Law (LGPD) is constantly discussed from the companies' perspective - much is said about the best practices and strategies for companies to ensure compliance with the regulation. However, little is said about the rights that this regulation grants to end users. We must remember that if Brazilian citizens do not know their rights, there is no point in the law being in effect since citizens will not demand its enforcement.

Different from what many business persons think, the LGPD was not designed simply to punish companies that leak data  - on the contrary, it was drafted focusing precisely on the protection of the individual right to privacy. After all, article 5 of 1988 Constitution guarantees that "the privacy, private life, honor, and image of people are inviolable, and the right to compensation for material or moral damage resulting from their violation is guaranteed."

This means that since 1988, Brazilian citizens are guaranteed, as a fundamental right, the protection of their personal and private information, and may be compensated in the event this right is violated (resulting in the exposure of said data). However, over the years, the collecting and use of internet user data has increased dramatically, and information has become a precious asset - used for targeted advertising, for market research, for strategic decisions, and to feed artificial intelligence algorithms.

The data are yours!

In light of this, it became evident that distinct legislation was needed to describe this fundamental right in more detail - and, along the lines of the European General Data Protection Regulation (GDPR), the LGPD was born, to guarantee the protection of people's privacy in modern times.

So, the first thing to keep in mind is that with such a law in effect, more than ever before, your data is your property, including both identifiable data (name, ID number, CPF, date of birth, etc.) as well as sensitive data (religious beliefs and sexual orientation, medical status, political opinion, and so on). You are under no obligation to provide this data, and you may do so at your own discretion in order to have access to products, services, or special conditions.

And this is where an important right of data subjects under the LGPD arises: the right to information. If you agree to provide your data to a particular company, you need to be informed about how they will be used, how they will be stored, the possible third parties with whom these records will be shared, and so on. No data can be processed in the dark: everything depends on your consent.

The user also has the right to free access (i.e. a person may consult, at any time, what personal information the company has in its possession), the right to security (the person must demand that the data be protected against leaks, exposure, and theft by malicious actors), the right to non-discrimination (not to be discriminated against or treated differently based on the data provided), and the right to data ratification, anonymization, or deletion (in short, the company may be requested to delete personal information at any time).

An important step

It must be pointed out that, ideally speaking, any and every company that collects, stores and processes the data of Brazilian citizens would, in theory, need to provide a fast and efficient contact channel so that the data subjects can make such requests in the friendliest way possible (remembering that there is no need for formalities or the use of legal language - an email requesting access to or the deletion of personal information should be enough). Legal entities must respond to such requests within 15 days.

Of course, as much as the LGPD symbolizes a great step forward in the protection of the personal data of Brazilian citizens, there is room for improvement - currently, the law only provides for punishment of companies that fail to comply with the law but does not provide terms to indemnify data subjects whose privacy has been violated by an eventual leak (a right that, as mentioned above, is provided for by the Constitution).

Nevertheless, now that you know your rights, assert them and make sure that companies are fulfilling their duty for a safer Internet!

Article translated from: LGPD para o usuário final: você sabe quais são os seus direitos? — Perallis Security